EC3773 Advanced Network Traffic Analysis (Short Course)

The Advanced Network Traffic Analysis short course equips students with an in-depth understanding of the tools and techniques necessary for gaining deep insight through macro and statistical analysis of network flows. Statistical analysis methods will be introduced and applied to metadata associated with network flows. Flow record and Intrusion Detection/Prevention systems will be discussed and compared. Students will be well versed in the use of the ELK stack netflow module, tcpflow, NetworkMiner, snort, Argus tools and nfdump. This is a 5-day short course.

Prerequisite

EC3772 or permission of the Instructor.

Lecture Hours

Lab Hours

0.5

Course Learning Outcomes

Demonstrate how to find the top causes of network performance problems through expert system analysis
Employ statistical tools to measure live traffic
Describe the concepts of macro flow analysis by differentiating the similarities and differences between each
Distinguish between flow content analysis and statistical flow analysis
Be familiar with flow content analysis tools such as foremost, NetworkMiner and tcpxtract
Be familiar with visual macro analysis tools such as ORA and recognize characteristic patterns of malicious traffic
Describe the concepts of software-defined networking and the openflow protocol by drawing a multi-layered network topology
Be familiar with various types of VoIP signaling
Be able to reconstruct VoIP flows
Demonstrate an understanding of the architecture of flow record collection systems by designing a system given user constraints
Use flow record analysis tools such as nfdump and Argus tools to identify anomalous traffic
Describe the concepts in statistical traffic analysis and self-similarity through probabalistic expressions
Device fundamental concepts in Intrusion Detection and Prevention Systems by providing examples for each
Program Snort rules and interpret snort alerts
Recognize communication characteristics of Advanced Persistent Threats (APT)